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DETAILED ACTION 
Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 5, and 69 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Walker et al (20010004609 Al). 

In reference to claims 45 and 51-52 and 55, Walker discloses a method for authentication 
in a game comprising: storing the authentication information in a database to be used for 
authenticating (pages 3-4 paragraph 0045). 

Walker does not expressly disclose constructing a game console with associated 
authentication information; and using it for the authentication of the game console after the game 
console is released from manufacturing. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the serial number of a machine to authenticate the machine. One of 
ordinary skill in the art would have been motivated to do this because the serial number is a 
unique identifier and the user uses that particular machine to play the game. 

In reference to claims 1, 5, and 69, Walker discloses a method and computer readable 
instructions comprising: initiating an online gaming activity from a gaming system with multiple 
users (page 8 paragraph 90). The game initializes by loading the player's preferences. The game 
players are authenticated by providing a unique identifier such as a password (page 3 paragraph 
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0045 in combination with page 5 paragraph 0066). The central controller is the authentication 
entity. 

Although Walker discloses the authentication of users, Walker does not expressly 
disclose authenticating the multiple users together in a single request /reply exchange. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to consolidate the authentication of all the players of a single request/reply 
exchange. One of ordinary skill in the art would have been motivated to do this because it would 
reduce the amount of communication required to authenticate the players in a game and therefore 
make the authentication faster. 

Claims 1-4, 6-44, 59-68, 70-74 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Walker as applied to claims 1, 5, 45, 51-52, 58, and 69 above, and further in view of 
Stallings. 

In reference to claims 6, 15-16, 25-26, 28-29, 31-32, 37, 39, 42-44, 59, 67, and 72-74 
Walker discloses a method and computer readable instructions comprising: initiating an online 
gaming activity from a gaming system with multiple users (page 8 paragraph 90). The game 
initializes by loading the player's preferences. The game players are authenticated by providing a 
unique identifier such as a password (page 3 paragraph 0045 in combination with page 5 
paragraph 0066). The central controller is the authentication entity. Walker discloses the 
possibility of teams playing therefore suggests the possibility of consolidating the authentication 
of the players using the multiple user identity. The identity of the team performs the function of 
the multiple user identity. 
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Although Walker discloses an authentication entity, Walker does not disclose a third 
party or a ticket issuing entity and therefore submitting a request from a game console to a ticket 
issuing entity, the request containing a game console identity, and an identity of an online 
service; returning a ticket from the ticket issuing entity to the game console the ticket containing 
the game console identity encrypted with a key associated with the online service; passing the 
ticket from the game console to the online service; and decrypting the ticket at the online service, 
wherein after the decrypting the authenticity of the multiple users contained in the ticket is 
trusted. 

Stalling teaches the system of Kerberos key exchange comprising submitting a request 
from a game console to a ticket issuing entity, the request containing a game console identity, 
and an identity of an online service (page 337 table 1 1.3 message 3). The message has the 
identity of the service that the client requires (ID V ) and the Ticket, which includes the identity of 
the client. The ticket issuing entity returns a ticket to the game console the ticket containing the 
game console identity encrypted with a key associated with the online service (page 337 table 
1 1.3 message 4 especially Ticket v ). The game console (client) passes the ticket to the online 
service (message 5 page 338 paragraph 5); and the online service decrypts the ticket at the online 
service, wherein after the decrypting the authenticity of the multiple users contained in the ticket 
is trusted (page 338 paragraph 6). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of ticekts as 
in Stalling in the system of Walker. One of ordinary skill in the art would have been motivated 
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to do this because it is a system that would provide mediation for the mutual authentication of 
the server and the client. 

In reference to claims 2, 33, and 35-36, Walker discloses a method of authenticating that 
comprises: submitting a request from the gaming system to the authenticating entity, the request 
containing identities of the multiple users (Walker page 5 paragraph 0066); 

Walker does not disclose returning a reply from the authentication entity to the gaming 
system that can be used to authenticate the multiple users in the online gaming activity. 

Stallings discloses the use of Kerberos as a ticket issuing system where a ticket is sent to 
the client for authenticating to the server (pages 337 and 338) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of ticekts as 
in Stalling in the system of Walker, One of ordinary skill in the art would have been motivated 
to do this because it is a system that would provide mediation for the mutual authentication of 
the server and the client. 

In reference to claims 3, 7, 19, 27, 34, 38,62-64, and 70-71, Walker does not disclose a 
system to distribute a ticket for authentication purposes. 

Stalling discloses a method wherein the authenticating comprises forming, at the gaming 
system a request containing an identity string that includes a gaming system identity, multiple 
user identities, and an identity of an online service; submitting the request from the gaming 
system to the authentication entity; creating at the authentication entity, a reply containing the 
identity string and a session key Kxa to be used in communication between the gaming system 
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and the online service, the reply being encrypted with a key associated with the online service; 
and returning the reply from the authentication entity to the gaming system (pages 337 and 338), 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of tickets as 
in Stalling in the system of Walker. One of ordinary skill in the art would have been motivated 
to do this because it is a system that would provide mediation for the mutual authentication of 
the server and the client. 

In reference to claim 4, a method wherein the authenticating comprises exchanging 
messages specified in the Kerberos protocol, the response message containing a ticket having a 
authorization data field which acknowledges that multiple identities have been authenticated 
(Stall ings page 335). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of tickets as 
in Stalling in the system of Walker. One of ordinary skill in the art would have been motivated 
to do this because it is a system that would provide mediation for the mutual authentication of 
the server and the client. 

In reference to claim 8, a method further comprising sending some cryptographically 
information to prove knowledge of the user's key while submitting the request (Stallings page 
337 table 1 1.3 message 3). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to using cryptographic information to prove knowledge of the user's key as in 
Stalling in the system of Walker. One of ordinary skill in the art would have been motivated to 
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do this because it is not possible for an opponent to guess the key without knowledge of the 
encryption keys (Stallings page 338). 

In reference to claims 9, 20, and 65, Walker discloses a method wherein a time that 
game, and therefore the ticket, is generated, a second time parameter indicative of when the 
game (ticket) expires (pages 7 paragraphs 0088-0089). 

However Walker does not disclose Kerberos ticket distribution. 

Stalling teaches the ticket further includes at least one of the online service identity, and a 
randomly generated session key to be used in communication between the game console and the 
onlinse service (table 1 1.3 page 337). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a randomly generated session key as in Stalling in the system of Walker. 
One of ordinary skill in the art would have been motivated to do this because it would protect a 
specific session and change regularly. 

In reference to claim 10,3, method wherein the returning further comprises sending an 
attached message along with the ticket form the ticket issuing entity to the game console, the 
message containing a randomly generated session key to be used in communication between the 
game console and the online service (page 338 paragarphs 5 and 6). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a randomly generated session key as in Stalling in the system of Walker. 
One of ordinary skill in the art would have been motivated to do this because it would protect a 
specific session and change regularly. 
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In reference to claim 11, a method wherein the attached session message is encrypted 
with a key associated with the game console (Stalling page 338 paragarphs 5 and 6).. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to encrypt the session message with a key associated with the game console as in 
Stalling in the system of Walker. One of ordinary skill in the art would have been motivated to 
do this because this would authenticate the server in the mutual authentication process. 

In reference to claims 12 and 22, a method wherein the passing comprises sending a 
second message with a current time encrypted with the session key (Stallings page 330 paragraph 
3). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include a timestamp as in Stalling in the system of Walker. One of ordinary 
skill in the art would have been motivated to do this because it would prove that the message is 
timely. 

In reference to claims 13, 23, and 68, a method wherein the ticket further includes a 
randomly generated session key and the verifying, at the online service, further comprises: 
decrypting the ticket using the key associated with the online service to recover the session key; 
decrypting the second message with the session key to recover the current time; and 
authenticating the multiple users and the game console in the even that the recovered current 
time is within an acceptable time window from the current time (Stallings page 338 paragraphs 
5-6). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a randomly generated session key as in Stalling in the system of Walker. 
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One of ordinary skill in the art would have been motivated to do this because it would protect a 
specific session and change regularly. 

In reference to claim 14, a method of claim 6, further comprising: sending a reply from 
the online service to the game console; and verifying, at the game console, an authenticity of the 
reply (Stallings page 338). 

At the time the invention was made, it would have been obvious to send the ticket to the 
online service as in Stalling in the system of Walker. One of ordinary skill in the art would have 
been motivated to do this because the ticket is used for mutual authentication of the server and 
client. 

In reference to claims 1 7 and 60 a method wherein the creating comprises computing 
cryptographic hash digests of user keys associated with the multiple users, each user identity 
being a combination of the user identity and the cryptographic hash of an associated user key 
(Walker page 5 paragraph 0066). 

In reference to claims 18 and 61, a method wherein the creating comprises encrypting a 
time value using keys associated with the multiple users, each user identity being a combination 
of the user identity and the current time encrypted with the user key (Stallings page 330 
paragraph 3). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include a timestamp as in Stalling in the system of Walker. One of ordinary 
skill in the art would have been motivated to do this because it would prove that the message is 
timely. 
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In reference to claims 21 and 66, a method further comprising encrypting the session key 
Kxa with a key associated with the game console before the sending of the session key to the 
game console (Stalling table 1 1.3 page 337). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to encrypt the session message with a key associated with the game console as in 
Stalling in the system of Walker. One of ordinary skill in the art would have been motivated to 
do this because this would authenticate the server in the mutual authentication process. 

In reference to claim 24, a method further comprising: sending a reply from the online 
service to the game console, the reply containing the time value encrypted using the session key 
Kxa; and verifying, at the console, an authenticity of the online service in an event that the game 
console successfully decrypts the time value using the session key Kxa, and the time value 
returned matches the time value sent to the online service (Stalling page 338 paragraphs 5-6). 

At the time the invention was made, it would have been obvious to send the ticket to the 
online service as in Stalling in the system of Walker. One of ordinary skill in the art would have 
been motivated to do this because the ticket is used for mutual authentication of the server and 
client. 

In reference to claim 30, a method further comprising sending the ticket to the online 
service (Stallings page 338). 

At the time the invention was made, it would have been obvious to send the ticket to the 
online service as in Stalling in the system of Walker. One of ordinary skill in the art would have 
been motivated to do this because the ticket is used for mutual authentication of the server and 
client. 
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In reference to claim 40, a method further comprising encrypting the ticket with a key 
associated with the third party prior to said returning the ticket (Stallings page 338 paragraph 6). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to using cryptographic information to encrypt the key with the use of a key 
associated with the third party as in Stalling in the system of Walker. One of ordinary skill in the 
art would have been motivated to do this because it is not possible for an opponent to guess the 
key without knowledge of the encryption keys (Stallings page 338). 

In reference to claim 41, a method further comprising: generating a session key to be 
used in communication between the game console and the third party; and sending the session 
key to the game console (Stallings page 338 paragraphs 5-6). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a randomly generated session key as in Stalling in the system of Walker. 
One of ordinary skill in the art would have been motivated to do this because it would protect a 
specific session and change regularly. 

Claims 45-58 are rejected under 35 U.S.C. 103(a) as being unpatentable over Walker et 
al (20010004609 Al) in view of Rackman (5,592,651) and Stallings. 

In reference to claims 45 and 51-52 and 58, Walker discloses a method for authentication 
in a game comprising: storing the authentication information in a database to be used for 
authenticating (pages 3-4 paragraph 0045). 

Walker does not expressly disclose constructing a game console with associated 
authentication information; and using it for the authentication of the game console after the game 
console is released from manufacturing. 
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Rackman discloses the use of the serial number for identifying the game console (column 
7 lines 33-52). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the serial number of a machine to authenticate the machine. One of 
ordinary skill in the art would have been motivated to do this because the serial number is a 
unique identifier and the user uses that particular machine to play the game. 

In reference to claims 46-47,54, and 56, Walker discloses a method of authenticating that 
comprises: submitting a request from the gaming system to the authenticating entity, the request 
containing identities of the multiple users (Walker page 5 paragraph 0066); 

Walker does not disclose returning a reply from the authentication entity to the gaming 
system that can be used to authenticate the multiple users in the online gaming activity. 

Stallings discloses the use of Kerberos as a ticket issuing system where a ticket is sent to 
the client for authenticating to the server (pages 337 and 338) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of ticekts as 
in Stalling in the system of Walker. One of ordinary skill in the art would have been motivated 
to do this because it is a system that would provide mediation for the mutual authentication of 
the server and the client. 

In reference to claims 48-50, 55, and 57, Walker does not disclose a system to distribute 
a ticket for authentication purposes. 

Stalling discloses a method wherein the authenticating comprises forming, at the gaming 
system a request containing an identity string that includes a gaming system identity, multiple 
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user identities, and an identity of an online service; submitting the request from the gaming 
system to the authentication entity; creating at the authentication entity, a reply containing the 
identity string and a session key Kxa to be used in communication between the gaming system 
and the online service, the reply being encrypted with a key associated with the online service; 
and returning the reply from the authentication entity to the gaming system (pages 337 and 338). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of tickets as 
in Stalling in the system of Walker. One of ordinary skill in the art would have been motivated 
to do this because it is a system that would provide mediation for the mutual authentication of 
the server and the client. 

In reference to claims 57, Walker does not disclose a system to distribute a ticket for 
authentication purposes. 

Stalling discloses a method wherein the authenticating comprises forming, at the gaming 
system a request containing an identity string that includes a gaming system identity, multiple 
user identities, and an identity of an online service; submitting the request from the gaming 
system to the authentication entity; creating at the authentication entity, a reply containing the 
identity string and a session key Kxa to be used in communication between the gaming system 
and the online service, the reply being encrypted with a key associated with the online service; 
and returning the reply from the authentication entity to the gaming system (pages 337 and 338). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of tickets as 
in Stalling in the system of Walker. One of ordinary skill in the art would have been motivated 
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to do this because it is a system that would provide mediation for the mutual authentication of 
the server and the client. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W Klimach whose telephone number is (703) 305-8421. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (703) 305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Conclusion 



PWK 

Monday, July 12, 2004 




